Threat modelling is a process to identify security weaknesses in software design and architecture, and define countermeasures that mitigate the malicious effects of the discovered weaknesses Threat modelling is a process to identify security weaknesses in software design and architecture, and define countermeasures that mitigate the malicious effects of the discovered weaknesses before any code is cut.
Our training course is designed for software developers and architects in mind. Threat modelling is language-agnostic. It can be easily used for any software development project and with any modern workflow such as Agile or DevOps. The analysis work is done on the design of the software system in order to improve the quality of the code that will be delivered in-sprint.
You will learn how to address security design concerns faced by software development teams with a combination of teaching modules and practical threat model exercises. The participants will be encouraged to work in teams, to foster discussions on how to implement security controls for the modelled threats on their software architecture.
All key stakeholders in an Application Development workflow should know how to assess the weak points in their systems and what questions to ask. The course will provide a framework to assess these questions and will yield immediate beneficial results.
The JBI THREAT MODELLING FOR DEVELOPERS TRAINING COURSE uses the Rapid Threat Model Prototyping methodology (RTMP). RTMP enables a development team to seamlessly integrate threat modelling with existing Agile / DevOps workflows.
You will learn a practical overview of the necessary disciplines for resolving application architecture and design issues according to OWASP good security practices.
We aim to instill skills which allow you to perform rapid threat modelling in a Consistent, Repeatable and Measurable manner.
Security focused Developers and software architects.
The target audience for this course are developers and architects who have identified themselves as wanting to take on the role of security champion; they will probably have minimal experience in security risk assessments and threat modelling. The course will provide a strong baseline of knowledge in these areas.
Receive the latest version of this course by email & subscribe to our Newsletter
08/02/2018: The need for increased application security is dramatically changing the way software is built – for the better. By prioritising security during development, programmers are able to build applications that are less vulnerable to hacking and exploitation once deployed. In the age of the Global Data Protection Act, businesses need to be sure that their applications, and the data contained in them, are safe from hackers. Threat modelling – what it is Threat modelling is a structured process for identifying and quantifying security risks associated with your applications. The idea is to assess...
22/01/2018: The new Global Data Protection Regulation (GDPR) promises to be the biggest change in corporate information security since the original Data Protection Act 1998 came into force. Under GDPR, businesses have new responsibilities when handling personal data – and face huge penalties for breaches. Most corporate data is now held digitally, so the responsibility for implementing GDPR safeguards has (in most organisations) fallen to the IT department. Importantly, GDPR affects every item of personal data – including those details held in hard copy paper files – so everyone has a role to play...
15/01/2018: As 2018 gets under way, now is the perfect time to revisit the OWASP 2017 conference – and apply the best-practice guidelines discussed at the conference. Here are three key areas developers need to consider this year. An increased focus on mobile and embedded systems There have been two significant technology trends in recent years. First, mobile computing is (arguably) of greater importance than traditional desktop-based systems. Second, smart sensors are being deployed everywhere to create intelligent “Internet of Things” networks. As a result, both mobile and embedded systems are...
19/10/2017: A leading Financial Services organisation was keen to get several of its teams working consistently in an "Agile" way. Agile is an iterative approach to software delivery that builds software incrementally from the start of the project, instead of trying to do it all at once. Agile breaks projects down into user functionality called user stories, prioritizing them, and then continuously delivering them in short two week cycles called iterations This methodiology was to ensure better communication and project management for teams of Developers and Product owners. JBI's Scrum and Agile...
07/10/2017: This client was expanding its capability to deliver technical training across EMEA. It had recently acquired a large technology company which had at a stroke doubled its population of IT engineers and therefore the demand for training. JBI Training was initially one amongst a large group of training companies which has over the last 36 months been reduced to a much smaller group of trusted specialist providers. Training feeds into multiple management metrics and so the client had very specific requirements around how the course was provisioned by JBI and delivered by the trainer. These...
AI & ML training course
React training course
Threat Modelling training course
Python for Data Analysts training course
Power BI training course
Machine Learning training course
Spring & Boot Microservices training course
Terraform training course
Kubernetes training course
C++ training course
Biztalk training course